Forum Topic

Unified PFSense Users

  • My pfSense box has 1 integrated LAN and 1 PCI LAN card. My ISP connection goes through the pfSense box first, into one of its LAN cards (the PCI LAN card), then from the integrated LAN out to the switch.


    That's right, that's correct...
  • Hello,


    I'm getting an error with pfSense OpenVPN (remote site). Most of it is handshake errors. I followed the instructions on the website and on YouTube but got the same error. Do you have any tips?

    I have a static IP and a dynamic IP; the interface for my OpenVPN is the dynamic one.

    -- edited by clay005 on Apr 19 2016, 07:33 PM
  • Sirs, please help with setting up captive portal and OpenDNS. I tried setting the OpenDNS address in General Setup and in the DHCP server; that worked, but the captive portal didn't work.

    please help.....
  • Masters, why do I still lag when my other PC clients are patching? I already set up a limiter.. How could that be, masters? Ty.. :)
  • @jawslash thanks for the comment, sir

    Another question, sirs,

    I just noticed that when WiFi devices browse, they don't seem to be covered by the rules/traffic shaper I created? The current WiFi access comes from the modem (the built-in WiFi on the modem provided by the ISP).

    I read that I need to install a WiFi card in the pfSense box? This is to control the bandwidth of WiFi users? If yes, is it OK if I attach USB-type WiFi access devices instead of WiFi cards?
  • If dedicated, you might run into driver issues... if via virtual, that's no problem...

    A WiFi card is fine too.. or just use a wireless router plugged into the hub, then set the traffic shaper pointing to the IP of your AP...

    In my case that's 2 APs.. define the in and out bandwidth.. sorry for the messy explanation


  • @babygel thanks for the info, sir

    I still have an extra router with WiFi access; I'll try configuring it first, maybe I can get it working. So I'll create a separate traffic shaper for WiFi? So I'll end up with 2 traffic shapers, 1 for LAN and 1 for WiFi access, is that right?
  • Thanks @st_anger_711, @babygel and everyone. I'm still getting the hang of the ideas you gave and looking at tutorials related to your suggestions.

    THANKS :D
  • Question...

    I know limiters + Squid proxy is broken in 2.2.x and up, so how do you manage to block websites?
    Do you guys go the OpenDNS route, or did you add a second machine just to do Squid transparent proxy?

    My requirements are to limit internet speeds, be able to filter out specific websites, cache if possible, but still give way to VIP users on bandwidth restrictions, while everyone still has complete access to all LAN computers.
  • Just a question, masters: what could be the problem with my pfSense? I can't connect to Facebook. Other sites are all OK, it's only Facebook. Even when I reinstall pfSense it still won't work. When I'm connected directly to the modem I can connect to Facebook :( What could be the problem? Thanks to whoever answers.
  • ^
    That's a DNS issue, sir; you have the DNS forwarder service..
  • I have a project right now, but this one needs site-to-site from Manila (Head Office) to Cebu (Remote site). The objective is to monitor the attendance of employees at construction sites that will only run for 6 to 12 months. We just need to transfer the extracted payroll reports to the Manila head office as if you were on the LAN.

    What could be used here? pfSense OpenVPN or Cisco Catalyst routers? Can a wireless broadband connection handle transferring files of up to 100 mb to the head office? Thank you very much.
  • ^ Dropbox is enough for your needs; you don't need a VPN since it's only 100mb anyway. But if you really need remote access, just go with OpenVPN.
  • @monsterbaker

    First, what are your ISP plans in Manila and Cebu? Because here you need higher upload for the responsiveness of your remote access.

    Broadband isn't enough for that, let alone wireless broadband. The upload alone will make you cry. But if you only use a pure command-line interface for access and for extracting your payroll, your wireless broadband is enough, if the budget is really tight and they don't want to spend money.

    If you want a quick setup, disregard pfSense and go with TeamViewer instead.

    If you want to actually see the logs, try an IPsec site-to-site setup or an OpenVPN site-to-site setup.

    If you'll set up a VPN machine, look for a higher-spec processor. If you try a dual-core setup you'll die.
  • clerrific on 04 May 16 @ 03:57 PM:
    @monsterbaker

    First, what are your ISP plans in Manila and Cebu? Because here you need higher upload for the responsiveness of your remote access.

    Broadband isn't enough for that, let alone wireless broadband. The upload alone will make you cry. But if you only use a pure command-line interface for access and for extracting your payroll, your wireless broadband is enough, if the budget is really tight and they don't want to spend money.

    If you want a quick setup, disregard pfSense and go with TeamViewer instead.

    If you want to actually see the logs, try an IPsec site-to-site setup or an OpenVPN site-to-site setup.

    If you'll set up a VPN machine, look for a higher-spec processor. If you try a dual-core setup you'll die.


    The main office is on a 100mbps fiber plan, but at the remote site, which is construction buildings, I can't guarantee what the safest upload and download speed of the wireless broadband would be, since the site may be enclosed or may be a dead spot. I can't have the wireless broadband units they bought pulled out, since a different management approved them and I don't know what their approach will be.


    If I go with OpenVPN site-to-site, sir, do I still need to set up port forwarding and bridge mode on the router? Thank you very much.

    If wireless broadband at the remote site isn't viable, my main objective will just be to monitor the employees' biometric in and out in real time.
  • If I go with OpenVPN site-to-site, sir, do I still need to set up port forwarding and bridge mode on the router? Thank you very much.

    Your OpenVPN server for site-to-site faces the public.

    That's secure anyway, because the only thing you'll allow in the ISP firewall rule inside pfSense is ping.

    In your OpenVPN firewall rule, only the network ports needed, like MS RDP/SSH and ICMP and the payroll-app-related network port (if there is one).

    Same rule for OpenVPN with your local LAN: allow only the network ports that are needed.
  • I can't have the wireless broadband units they bought pulled out, since a different management approved them and I don't know what their approach will be.


    I feel you bro haha! We're in the same situation; here at my work they also implemented work from home. This management manager kept insisting that a broadband dongle/pocket WiFi was supposedly fine.

    So I let them have it their way. The result: work from home got backed out because it was so slow. I already told them, but they were so hard-headed HAHA! So it became NGANGA (idle) FROM HOME HEHE!!
  • clerrific on 04 May 16 @ 06:05 PM:
    If I go with OpenVPN site-to-site, sir, do I still need to set up port forwarding and bridge mode on the router? Thank you very much.

    Your OpenVPN server for site-to-site faces the public.

    That's secure anyway, because the only thing you'll allow in the ISP firewall rule inside pfSense is ping.

    In your OpenVPN firewall rule, only the network ports needed, like MS RDP/SSH and ICMP and the payroll-app-related network port (if there is one).

    Same rule for OpenVPN with your local LAN: allow only the network ports that are needed.



    Noted, sir, thank you very much for the idea.. :D


    clerrific on 04 May 16 @ 06:09 PM:
    I can't have the wireless broadband units they bought pulled out, since a different management approved them and I don't know what their approach will be.


    I feel you bro haha! We're in the same situation; here at my work they also implemented work from home. This management manager kept insisting that a broadband dongle/pocket WiFi was supposedly fine.

    So I let them have it their way. The result: work from home got backed out because it was so slow. I already told them, but they were so hard-headed HAHA! So it became NGANGA (idle) FROM HOME HEHE!!



    Based on your experience with wireless broadband as well, I might just use TeamViewer for the inconsistent remote sites, since it's only short term and after the project site is finished the PC gets relocated again to another remote site. I may set up our remote warehouse with OpenVPN or a DD-WRT router. Thanks for your feedback, sir. ^_^

    -- edited by monsterbaker on May 04 2016, 07:18 PM
  • I may set up our remote warehouse with OpenVPN or a DD-WRT router. Thanks for your feedback, sir. ^_^


    If you go with a DD-WRT router, oh boy, that will crawl; you might even run into problems with it. It might even overheat.

    For VPN setups you really need a high-spec processor. How fast the encrypt/decrypt is depends on the processor.
  • That's a DNS issue, sir; you have the DNS forwarder service.

    What should I do, boss? I didn't touch anything in my pfSense settings; Facebook just suddenly stopped working. Thanks.
    I also don't have a DNS forwarder.

    -- edited by MX5Digital on May 05 2016, 12:12 AM

    -- edited by MX5Digital on May 05 2016, 02:38 AM
  • So the pfSense GUI has changed now; it's cleaner, more modern.
  • @st_anger_711

    create gateway profiles;

    "BrowsingFailoverGaming = T1 for Browsing, T2 for Gaming.
    GamingFailoverBrowsing = T1 for Gaming, T2 for Browsing.

    create FW rules for the following http, https and ftp then for gateway choose BrowsingFailoverGaming. then edit LAN def, change gateway to GamingFailoverBrowsing.

    That's the most basic setup for separate browsing and gaming."


    I got confused at the part about creating the FW rule: http, https and ftp = gateway = BrowsingFailoverGaming.

    This is the part that really confused me = "then edit LAN def, change gateway to GamingFailoverBrowsing."

    Where is the LAN def? My version is 2.2.5, thanks.
  • I got confused at the part about creating the FW rule: http, https and ftp = gateway = BrowsingFailoverGaming.


    1. Create a rule on LAN; click the + sign.
    2. Change the protocol from TCP to TCP/UDP.
    3. Change the destination port range to http.
    4. Fill out the description, e.g. (http).
    5. Change the gateway: click the Advanced button and a drop-down menu will appear; select BrowsingFailoverGaming.

    For https and ftp just follow the above instructions, but for the destination port range choose https and ftp.

    For LAN Default, edit it (click the "e" button) and change the gateway: click the Advanced button, then select GamingFailoverBrowsing.
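
The rule-order behaviour behind the steps above, and behind the earlier advice to allow only the needed ports in the OpenVPN rules, as an added example that is not part of any post: a simplified Python model of top-down, first-match evaluation on a pfSense interface tab. The `Rule` class, the rule lists and UDP port 27015 are constructed for illustration; the gateway group names and the RDP/SSH/ICMP allow-list come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                        # hypothetical model, not pfSense's own format
    iface: str                     # interface tab the pass rule sits on
    proto: str                     # "tcp", "udp", "tcp/udp", "icmp" or "any"
    port: Optional[int]            # destination port; None means any
    gateway: Optional[str] = None  # gateway group used for policy routing
    desc: str = ""

def first_match(rules, iface, proto, port=None):
    """Top-down, first match wins; no match means the default deny applies."""
    for r in rules:
        if r.iface != iface:
            continue
        if r.proto != "any" and proto not in r.proto.split("/"):
            continue
        if r.port is not None and r.port != port:
            continue
        return r
    return None

def gateway_for(rules, proto, port):
    """Gateway group a LAN packet is routed through, or None if blocked."""
    r = first_match(rules, "LAN", proto, port)
    return r.gateway if r else None

def too_broad(rules, iface):
    """Pass rules on iface that allow any protocol or every TCP/UDP port."""
    return [r for r in rules if r.iface == iface
            and (r.proto == "any" or (r.port is None and r.proto != "icmp"))]

# Constructed rule lists in the order they would appear in the GUI.
LAN_RULES = [
    Rule("LAN", "tcp/udp", 80, "BrowsingFailoverGaming", "http"),
    Rule("LAN", "tcp/udp", 443, "BrowsingFailoverGaming", "https"),
    Rule("LAN", "tcp/udp", 21, "BrowsingFailoverGaming", "ftp"),
    Rule("LAN", "any", None, "GamingFailoverBrowsing", "LAN default"),
]
VPN_RULES = [
    Rule("OpenVPN", "tcp", 3389, desc="MS RDP"),
    Rule("OpenVPN", "tcp", 22, desc="SSH"),
    Rule("OpenVPN", "icmp", None, desc="ICMP"),
]

if __name__ == "__main__":
    print(gateway_for(LAN_RULES, "tcp", 443))        # browsing group
    print(gateway_for(LAN_RULES, "udp", 27015))      # constructed game port
    print(first_match(VPN_RULES, "OpenVPN", "tcp", 445))  # default deny
    print(too_broad(VPN_RULES, "OpenVPN"))           # nothing too broad
```

If the LAN default rule is moved above the three port rules, every packet matches it first and the browsing gateway group is never used.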
  • Inquiry Sir,
    Where should the Squid proxy cache be located? It's in /var by default and I noticed the space there is very small.
    Filesystem Size Used Avail Capacity Mounted on
    /dev/ufsid/574170d1488f25dd 224G 791M 205G 0% /
    devfs 1.0K 1.0K 0B 100% /dev
    /dev/md0 3.4M 96K 3.0M 3% /var/run
    devfs 1.0K 1.0K 0B 100% /var/dhcpd/dev


    Can anyone clarify this please.

    Thanks :)
  • I have OpenVPN working and I also created an interface named "OVPNS1" from ovpns1. My question is what is the precedence/priority in Firewall Rules?
    Is it: Floating (Quick) -> Interface Groups -> Bridge Interface -> OVPNS1 -> OpenVPN -> Floating (Non-Quick)

    I have configured the OpenVPN with tap mode and I'm able to get IP address from DHCP of LAN. However even if I create a Firewall Rule to allow access to other subnets, it just won't. How can I solve this?

    For PPTP VPN, if I create an interface for all of its instances/port then combine them in Bridge0 with LAN. How can I force it to use the DHCP service from the LAN interface?

    I have setup Squid with RADIUS authentication and SquidGuard with LDAP Filtering. Will Groups ACL get evaluated first versus Common ACL?

    My Groups ACL have been setup with LDAP Filtering by using LDAPUSERSEARCH. My problem is that each of my AD users are members of multiple AD groups (user1 is a member of G_Facebook & G_Youtube). When I tested it by browsing youtube.com, the user always evaluates to G_Facebook since it is of higher order in Groups ACL. Is there a way for SquidGuard to evaluate all Groups ACL?

    Next, I will be setting up Traffic Shaper rules, are there any incompatibilities between Squid and Traffic Shaper?



    Thanks!
  • rals2013 on 23 May 16 @ 04:33 PM:
    Inquiry Sir,
    Where should the Squid proxy cache be located? It's in /var by default and I noticed the space there is very small.
    Filesystem Size Used Avail Capacity Mounted on
    /dev/ufsid/574170d1488f25dd 224G 791M 205G 0% /
    devfs 1.0K 1.0K 0B 100% /dev
    /dev/md0 3.4M 96K 3.0M 3% /var/run
    devfs 1.0K 1.0K 0B 100% /var/dhcpd/dev


    Can anyone clarify this please.

    Thanks :)


    It's in /var/squid/
  • Good evening, sirs. I just need help; hopefully someone can help.

    My problem is that I can't set up the IP config of my em1.

    setup:
    PCI is em0/WAN, which is dynamic
    PCIe is em1, so I'll make it static. I'd like to ask what default gateway and DNS server I should enter so that my clients get internet.
  • ^

    In the initial setup, when it asks which is WAN and which is LAN, just specify them.